Anti-virus vulnerabilities strike again
PrintMcAfee follows Symantec, Trend et al on patch bandwagon
Posted in Software & Security, 18th March 2005 11:07 GMT
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Users of McAfee’s anti-virus products were warned this week of a potentially serious security vulnerability. The bug - unearthed by security researchers at ISS - involves flaws in the processing of LHA files by an antivirus library that gives rise to possible stack overflow attacks. The flaw applies to McAfee AntiVirus Library prior to version 4400.
"Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by McAfee AntiVirus Library product," ISS warns.
Desktop, server and gateway versions of McAfee's anti-virus scanners all need patching but this will happen automatically as anti-virus signatures are updated. Several large vendors and ISP's use McAfee's AntiVirus Library in their products or services, which likewise need an upgrade.
Over recent weeks ISS has issued alerts over similar but distinct vulnerabilities in various security packages from Symantec, involving the processing of UPX compressed files; and anti-virus products from F-Secure and Trend Micro, both involving the handling of ARJ archive files. ®
Related stories
Symantec anti-virus flaw hits 30 products
Patch now against virus-writing clowns
Trend Micro archive bug unearthed
Free whitepaper – Managing desktop software for fun and profit
Enabling the Agile Data Center
Straight Talk with Dell: Sending out an SaaS
The business value of SIP VoIP and trunking
New storage architectures make SSDs more cost-effective
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs